Why are extensions requesting permissions to access resources?
We have received the question ”why is extension X requesting permission to access resources Y” a few times. Let’s summarise the questions and answers in this post as they drop in.
2016.08.11 – Add Work Item Visualization
Work Item Visualization
- Why do you need to access the code?
- Could you please explain the permissions requested by the extension?
- What is happening with the data? Does it leave our TFS server or will it stay in-house?
Answer, by Taavi Koosaar:
- The reason is that the visualization allows to expand and visualize all types of links. When an item has changesets or commits linked to it, those too will be added to visualization and can be expanded further. You can continue going further pretty much endlessly by expanding File and finding all commits / changesets for it etc. To be able to expand commits / changesets we need read access to code, even though we never visualize the code itself (js or c# or other) – just the metadata about it e.g. file name, author, date or commit id, date. Very basic and shown on visualization. You can also navigate to those changesets / commits / files from visualization.
- The extension installed on Team Services or TFS on-prem, runs in client’s browser and data is not sent anywhere.